Re:amaze Helpdesk & Live Chat Security & Risk Analysis

wordpress.org/plugins/reamaze

Boost sales conversions, loyalty, and engagement. Manage your social, email, sms, live chat, FAQ for your WordPress or WooCommerce store.

400 active installs · v2.3.2 · PHP + · WP 4.0+ · Updated Jul 12, 2024
Tags: ai, customer-support, help-desk, live-chat, woocommerce
92 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jun 22, 2022
Safety Verdict

Is Re:amaze Helpdesk & Live Chat Safe to Use in 2026?

Generally Safe

Score 92/100

Re:amaze Helpdesk & Live Chat has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jun 22, 2022 · Updated 1yr ago
Risk Assessment

The Reamaze plugin v2.3.2 exhibits a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests, and generally uses prepared statements for SQL queries, significant concerns arise from its attack surface. All four identified REST API routes lack permission callbacks, creating potential unauthorized access points. Additionally, while nonce checks are present, the complete absence of capability checks on these exposed endpoints is a critical oversight.

The static analysis reveals a moderate level of concern regarding output escaping, with 23% of outputs not properly escaped, potentially leading to cross-site scripting vulnerabilities if untrusted data is rendered. The taint analysis, however, shows no critical or high severity flows, indicating that currently identified data flows are likely sanitized or not directly exploitable without additional context.

The plugin's vulnerability history shows one medium-severity CVE related to Cross-site Scripting, last patched in mid-2022. That this vulnerability has been patched is positive, but the recurring nature of XSS suggests that output escaping practices may need further scrutiny. Overall, the plugin has strengths in its internal code handling but weaknesses in how its public-facing interfaces are secured, particularly the REST API.

Key Concerns

  • REST API routes without permission callbacks
  • Unescaped outputs (23% of total)
  • Vulnerability history (medium XSS CVE)
Vulnerabilities: 1

Re:amaze Helpdesk & Live Chat Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

WF-a6b0b516-af5c-474a-a674-b52cf80207ec-reamaze · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Re:amaze Helpdesk & Live Chat <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting

Jun 22, 2022 · Patched in 2.0 (580d)
Code Analysis
Analyzed Mar 16, 2026

Re:amaze Helpdesk & Live Chat Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 43 (142 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

77% escaped · 185 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
<reamaze-settings-page> (includes\admin\settings\reamaze-settings-page.php:0)
Attack Surface: 4 unprotected

Re:amaze Helpdesk & Live Chat Attack Surface

Entry Points: 4
Unprotected: 4

REST API Routes: 4

GET /wp-json/reamaze/v1/options/reamaze_account_id (includes\reamaze-api.php:68)
GET /wp-json/reamaze/v1/options/reamaze_account_sso_key (includes\reamaze-api.php:86)
GET /wp-json/reamaze/v1/options/reamaze_widget_code (includes\reamaze-api.php:99)
GET /wp-json/reamaze/v1/options/reamaze_cue_code (includes\reamaze-api.php:117)

WordPress Hooks: 16

action wp_dashboard_setup (includes\admin\reamaze-admin-dashboard-widgets.php:23)
action admin_menu (includes\admin\reamaze-admin-menus.php:27)
action admin_menu (includes\admin\reamaze-admin-menus.php:28)
action admin_menu (includes\admin\reamaze-admin-menus.php:29)
action admin_menu (includes\admin\reamaze-admin-menus.php:30)
action admin_init (includes\admin\reamaze-admin.php:25)
action init (includes\admin\reamaze-admin.php:26)
action current_screen (includes\admin\reamaze-admin.php:27)
action admin_enqueue_scripts (includes\admin\reamaze-admin.php:28)
filter comment_row_actions (includes\admin\reamaze-admin.php:29)
filter reamaze_settings_tabs_array (includes\admin\settings\reamaze-settings-page.php:28)
action rest_api_init (includes\reamaze-api.php:67)
action init (reamaze.php:18)
action wp_enqueue_scripts (reamaze.php:30)
filter et_builder_enable_jquery_body (reamaze.php:32)
action wp_footer (reamaze.php:120)
Maintenance & Trust

Re:amaze Helpdesk & Live Chat Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Jul 12, 2024
PHP min version
Downloads: 17K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 400
Developer Profile

Re:amaze Helpdesk & Live Chat Developer Profile

Reamaze

1 plugin · 400 total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 580 days
Detection Fingerprints

How We Detect Re:amaze Helpdesk & Live Chat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/reamaze/assets/css/reamaze-frontend.css
  • /wp-content/plugins/reamaze/assets/js/admin/jquery.postmessage.min.js
  • /wp-content/plugins/reamaze/assets/js/admin/jquery.deparam.min.js
  • /wp-content/plugins/reamaze/assets/js/admin/jquery.colorbox.min.js
  • /wp-content/plugins/reamaze/assets/js/admin/jquery.markitup.js
  • /wp-content/plugins/reamaze/assets/js/admin/markitup-driver.js
  • /wp-content/plugins/reamaze/assets/js/admin/reamaze-admin.js
  • /wp-content/plugins/reamaze/assets/css/colorbox.css
  • (+2 more)

Script Paths

  • https://cdn.reamaze.com/assets/reamaze-loader.js
  • https://d3itxuyrq7vzpz.cloudfront.net/assets/reamaze-loader.js

Version Parameters

  • reamaze/assets/css/reamaze-frontend.css?ver=
  • reamaze/assets/js/admin/jquery.postmessage.min.js?ver=
  • reamaze/assets/js/admin/jquery.deparam.min.js?ver=
  • reamaze/assets/js/admin/jquery.colorbox.min.js?ver=
  • reamaze/assets/js/admin/jquery.markitup.js?ver=
  • reamaze/assets/js/admin/markitup-driver.js?ver=
  • reamaze/assets/js/admin/reamaze-admin.js?ver=
  • reamaze/assets/css/colorbox.css?ver=
  • reamaze/assets/css/admin/reamaze-admin.css?ver=
  • reamaze/assets/css/admin/markitup.css?ver=

HTML / DOM Fingerprints

CSS Classes: reamaze-create-conversation
Data Attributes: data-reamaze-lightbox, data-reamaze-path
JS Globals: window._support
Shortcode Output: [reamaze_kb_embed], [reamaze_support_embed]
FAQ

Frequently Asked Questions about Re:amaze Helpdesk & Live Chat